Firewalld and IPv6 routing on Rocky 8.6

I had configured IPv6 routing on a Rocky Linux base machine and a Rocky Linux VirtualBox VM (both migrated from CentOS 8.5).
My issue started after upgrading Rocky from 8.5 to 8.6.

The issue on the VM:

  1. cannot update via DNF (timeout).
  2. letsencrypt does not update (connection timeout).

ping6 to inside from outside and outside to inside works on VM.
curl -6, curl -6 works from inside VM.

Everything works if I stop the firewalld service on the base machine, but the ssh connection to the VM is disconnected, and I have to re-login.

What should I do?

Are you saying that under CentOS 8.5 you were able to connect from a VirtualBox guest (via its hardware-based host) to the DNF endpoints using pure IPv6, via some kind of router and without any translation?

I think you’re also saying it’s only the VM guest that’s broken, and that the hardware-based host connects perfectly to the DNF endpoints using pure IPv6?

Which 8.6 kernel, the initial 4.18.0-372.9.1.el8 or the recent 4.18.0-372.13.1.el8_6?

First, I don’t know VirtualBox, for I use libvirt/KVM “out of the box”. On the latter, if VMs are in a “virtual subnet” (I also tend to use bridged, i.e. VMs are on the external “concrete” subnet), then the host must route between subnets, and there are nftables rules injected by libvirt/firewalld that make that routing happen. Shutting down the firewall probably erases those rules, which changes routing and in turn affects connections. Presumably.


It is a Hetzner Dedicated Server.

OK, I have done some sysctl settings also.

Many thanks for the replies.
I was trying many changes to sysctl.conf and firewalld.
This morning I see that everything is working fine.
I am still unsure whether my settings did the trick or if some system update solved the issue.

I updated everything, including the kernels, which are now at 4.18.0-372.13.1.el8_6.